Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS7676433 B1
Publication typeGrant
Application numberUS 11/277,133
Publication dateMar 9, 2010
Filing dateMar 21, 2006
Priority dateMar 24, 2005
Fee statusPaid
Publication number11277133, 277133, US 7676433 B1, US 7676433B1, US-B1-7676433, US7676433 B1, US7676433B1
InventorsDavid Justin Ross, Bill G. Cornell
Original AssigneeRaf Technology, Inc.
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Secure, confidential authentication with private data
US 7676433 B1
Abstract
Risk of personal identity theft, especially in connection with on-line commerce, is mitigated by maintaining private data in a secure database maintained by a trusted third party verification service. To authenticate the identity of a user or customer, in one embodiment, a knowledge-based challenge is issued to the user, and the response is compared to stored data by the verification service. The verification service reports to the vendor, to authenticate the user identity, capability and or authorization for the proposed transaction without disclosing private data to the vendor.
Images(2)
Previous page
Next page
Claims(21)
1. A method of authenticating the identity of a user, in connection with a requested transaction between the user and a target vendor of goods or services, leveraging selected private data of the user without disclosing the private data to the vendor, the method comprising the steps of:
maintaining a database of obfuscated private data associated with a user identifier;
receiving an identity verification request from the target vendor, the verification request including a user identifier;
issuing a KBA—knowledge-based authentication—challenge to a user associated with the received user identifier, the challenge requesting that the user submit at least one specified element of the private data stored in the database;
receiving a response from the user including purported private data responsive to challenge;
if the received purported private data is not obfuscated, obfuscating the purported private data in the same manner as the obfuscated private data is maintained in the database;
comparing the obfuscated purported private data to the corresponding obfuscated private data stored in the database; and
returning a result of the comparison to the target vendor without disclosing the stored private data in clear form; wherein
the foregoing method steps are carried out by a trusted, independent verification service;
the verification service receives the private data from a third-party in obfuscated form and maintains it in the database in that obfuscated form; and
the verification service receives the purported private data from the user in obfuscated form, so that the verification service has no access to the private data in clear form.
2. A method according to claim 1 wherein the result includes a pass/fail indication based on said comparing the obfuscated purported private data to the corresponding obfuscated private data stored in the database.
3. A method according to claim 1 and further comprising notifying the user of the result of the comparison.
4. A method according to claim 1 and further comprising communicating a KBA challenge message to the user on behalf of the vendor to confirm the user's ability to effect the requested transaction.
5. A method according to claim 1 and further comprising communicating a KBA challenge message to the user on behalf of the vendor to confirm the user's authority to effect the requested transaction.
6. A method according to claim 1 including providing a server computer coupled to the database of private data; and wherein
the identity verification request is transmitted from the target vendor to the server;
the KBA—knowledge-based authentication—challenge is transmitted to the user from the server;
the response to the KBA is transmitted from the user to the server; and
the result is transmitted from the server to the requesting target vendor.
7. A method according to claim 6 wherein the said transmissions of information among the server, the vendor and the user are carried out via a communications network.
8. A method according to claim 6 wherein the said transmissions of information among the server, the vendor and the user are carried out via a computer network.
9. A method according to claim 6 and further comprising returning a result of the comparison from the server to the user.
10. A method of authenticating the identity of a user, in connection with a requested transaction between the user and a target vendor of goods or services, leveraging selected private data of the user without disclosing the private data to the vendor, the method comprising the steps of:
maintaining a database of obfuscated private data associated with a user identifier;
receiving an identity verification request from the target vendor, the verification request including a user identifier;
issuing a KBA—knowledge-based authentication—challenge to a user associated with the received user identifier, the challenge requesting that the user submit at least one specified element of the private data stored in the database;
receiving a response from the user including purported private data responsive to challenge;
if the received purported private data is not obfuscated, obfuscating the purported private data in the same manner as the obfuscated private data is maintained in the database;
comparing the obfuscated purported private data to the corresponding obfuscated private data stored in the database; and
returning a result of the comparison to the target vendor without disclosing the stored private data in clear form;
wherein the result includes a correlation score calculated based on said comparing the obfuscated purported private data to the corresponding obfuscated private data stored in the database.
11. A method of authenticating the identity of a user, in support of a transaction between the user and a target vendor of goods or services, the method comprising the steps of:
maintaining a database of private data elements associated with a user identifier in the custody of a trusted entity;
receiving an identity verification request from the target vendor, the verification request including a user identifier;
issuing a KBA—knowledge-based authentication—challenge to the user associated with the received user identifier, the challenge requesting that the user submit at least one specified element of private data in obfuscated form;
receiving a response from the user including purported private data in obfuscated form;
transmitting the received purported private data to the trusted entity;
at the trusted entity, comparing the purported private data to the corresponding private data elements stored in the database; and returning a result of the comparison to the target vendor; wherein:
the foregoing method steps are carried out by a verification service;
the verification service receives the private data from a third-party in obfuscated form and maintains it in the database in that obfuscated form; and
the verification service receives the purported private data from the user in obfuscated form, so that the verification service has no access to the private data in clear form.
12. A method according to claim 11 and further comprising:
if the result returned to the target vendor authenticates the user's identity,
receiving from the authenticated user a user-created information string,
adding the information string to the database of private data in association with the corresponding user identifier; and
using the stored information string for a subsequent knowledge-based authentication of the user's identity.
13. A method according to claim 11 and further comprising:
if the result returned to the target vendor confirms the user's identity,
generating a data string;
storing the generated data string in the database of private data in association with the corresponding user identifier;
communicating the stored data string to the user; and
using the stored data string for a subsequent knowledge-based authentication of the user's identity.
14. A method according to claim 11 and including the step of de-obfuscating the purported private data at the trusted entity to form clear purported private data; and wherein said comparing step comprises comparing the clear purported private data to the corresponding private data elements stored in the database.
15. A method according to claim 11 wherein:
the private data elements are stored in the database at the trusted entity in obfuscated form; and
said comparing step comprises comparing the obfuscated purported private data to the corresponding obfuscated private data elements stored in the database.
16. A method according to claim 11 wherein the trusted entity maintains current private data of the user in connection with its customer relationship with the user.
17. A method according to claim 11 wherein:
the verification service creates a hash table based on the private data; and
said comparing step comprises comparing the user-submitted private data to the corresponding hash table.
18. A method according to claim 11 including providing a server computer under control of the verification service and coupled to the database of private data; and wherein
the identity verification request is transmitted from the target vendor to the verification service server;
the KBA—knowledge-based authentication—challenge is transmitted to the user from the verification service server;
the response to the KBA is transmitted from the user to the verification service server; and
the result is transmitted from the verification service server to the requesting target vendor.
19. A method according to claim 11 wherein the said transmissions of information among the server, the vendor and the user are carried out via a communications network.
20. A method according to claim 11 wherein the said transmissions of information among the server, the vendor and the user are carried out via a computer network.
21. A method of verifying authorization of a user to conduct a requested transaction between the user and a target vendor of goods or services, leveraging selected private data of the user without disclosing the private data to the vendor, the method comprising the steps of:
maintaining a database of obfuscated private data associated with a user identifier, the private data including authorization data;
receiving an authorization verification request from the target vendor, the verification request comprising an obfuscated token that reflects a user identifier and a description of the requested transaction;
comparing the authorization verification request to the authorization data stored in the database in association with the user identifier, without de-obfuscating either the request or the stored authorization data; and
returning a result of the comparison to the target vendor indicating whether or not the requested transaction is consistent with the user's authorization data.
Description
RELATED APPLICATIONS

This application claims priority from U.S. Provisional Application No. 60/665,273 filed Mar. 24, 2005 and incorporated herein by this reference.

COPYRIGHT NOTICE

© 2005-2006 RAF Technology Inc. A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. 37 CFR §1.71 (d).

TECHNICAL FIELD

This disclosure pertains to methods and systems for leveraging private data to authenticate the identity of a user to a target service without disclosing the private data.

BACKGROUND OF THE INVENTION

Online verification of an individual comprises two parts: establishing the existence of an identity that is allowed to perform the transaction, and establishing that the present user has that identity. A common method for establishing the existence and content of the online identity claimed by the user is to ask the user for personal information items that are presumed to be known by him and by the system but by no one else. These items fall into two broad (and somewhat overlapping) categories: what we call herein “in-wallet” and “out-of-wallet” data.

In-wallet data is data you know about yourself or can find quickly and easily, for example by consulting cards carried “in your wallet”. Name, address, telephone number, Social Security number (SSN), driver's license number (DLN), and birth date are examples of in-wallet data. Mortgage holder, last transaction amount to a merchant or government agency, and car registration number are examples of out-of-wallet data. Often in- and out-of-wallet data are used sequentially to authenticate a person. In-wallet data is used to determine which identity is claimed, and then out-of-wallet data (presumably harder for a fraudster to obtain) is used to establish that the user is that person.

The difficulty with this approach is that for it to work, the “private” data of the user (e.g. out-of-wallet data) must be revealed to the authenticator so the authenticator can compare it with its file of authenticating information. This has two problems. First, the user must give the authenticator his private data and second, the authenticator had to get that data from some other source who gathered the data in the first place. Thus, as currently constructed, such a system only works if the authenticator already has a compendium of “private” data against which to compare the user's information.

Almost always that data comes from a third party who gathered the data. There are therefore at least three parties who have the “private” data—the user, the authenticator, and the third party provider. Worse yet, much of the so-called “private” data was gathered by the third party from “public” sources—phone books, credit reports, and the like. If the third party isn't the entity that gathers the data directly from the user, then they are in the same situation as the authenticator—they have to get the data from yet another party. There is no telling how many hands the “private” data passes through prior to its being used for authentication.

This presents a contradiction: to be useful for authentication, the user's data must be “private” (otherwise spoofers can get at it), but it also must be available to the authenticator—which reduces its privacy. Given the large number of authenticators currently working, and the small number of available data items on a person, it becomes clear that the more a data item is used for authentication, the less reliable it is for authentication. The increasing reluctance of users to supply social security number or mother's maiden name (two of the most common data elements previously used for authentication) indicates that users have a (correct) feeling that each use of such information makes it less private, and hence increasingly exposes the user to identity theft. Users, therefore, are increasingly reluctant to put private information in the hands of authenticators, no matter how trustworthy they believe the authenticators to be.

We have observed, however, that there are certain entities that users routinely trust with their private information: those whose business it is to use the information for its original purpose. For example, no one thinks twice about his bank possessing his bank account numbers or knowing the balance in his checking account. Banks are supposed to have that information, and require it to perform the functions users expect of them. Utilities are assumed to hold user utility bill information, such as gas and electric bills. Wireless telecommunications carriers hold a mountain of cell phone user call data.

BRIEF SUMMARY

We propose to leverage the reliability of private data held by trusted entities to provide secure, reliable authentication of a user without exposing that private data to others, or even to the authenticator. Additional aspects and advantages will be apparent from the following detailed description of preferred embodiments, which proceeds with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a simplified diagram illustrating one embodiment of a system and methods for authenticating the identity of a user to a target service without disclosing private data.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Embodiments described below may be useful both for initially establishing the identity of a user and for extending that initial identification to subsequent transactions. (The concept of extending identification to subsequent transactions alludes to the following. If a user provides identifying information (say social security number, driver's license number, name and address) to someone in order to get a user name and password, subsequent use of that user name and password extends the original identifying information to the transaction for which the user name and password are used. Indeed, such things as digital certificates and passwords are only as secure as the original identifying information used to obtain them).

Heretofore, it has been presumed that for an authenticator to use private data for authentication, he had to possess that information. One advantage of several embodiments described herein is to make that possession unnecessary. The present patent application proposes systems and methods of using private information without revealing that private information to anyone beyond those who already had that information because it is material to an existing business relationship with the user. The authenticator at no time has direct access to the user's private information, i.e., he cannot read it, and hence that information isn't “cheapened” through use.

The proposed methods and systems generally function as follows: A user wishes to be authenticated for some electronic transaction. The authenticator wants to establish (1) that there exists an identity capable of performing the transaction (that is, both able to and, if appropriate, authorized to perform it) and (2) that the user is that person. There exists a third party who, as part of his normal business relationship with the user, gathers private information on the user. An example would be a utility company who knows the amount of a user's most recent electric bill because they sent it to him. I use the utility bill as an example, but this invention does not depend on the precise nature of the private data—only that it is highly unlikely to be known by anyone other than the user and an entity that gathers it directly from the user (or issues it to him).

In this illustration, the authenticator asks the user for the amount of his most recent electric bill. Instead of providing that information “in the clear”, the user encrypts (or otherwise obfuscates) the data before providing it to the authenticator.

The authenticator then sends the encrypted information on to the utility company or other trusted entity. The utility company can then do one of two things, either of which fulfills the requirements of an embodiment of the present invention: They can decrypt the information and compare it with their records, or they can directly compare the encrypted submission with a corresponding record encrypted in the same manner. It does not matter for the purpose of this invention which method is used.

In one alternative embodiment, the utility can provide files of personal data in encrypted form to the authenticator, who then compares its contents to the data provided by the user. The user data must have been encrypted using the same algorithm as that used by the utility (otherwise comparison of the two bits of encrypted data won't work). The user data must have been encrypted by the user without the data having been first supplied in clear form to the authenticator. The important consideration is that the private data in a readable form remain only in the hands of the user and the data possessor (here, the utility). This prevents the data from being cheapened with use, because unlike with current methods, no other party gets access to the data in readable form.

It is not necessary that the data used for authentication be merchant data, or indeed any particular kind of data. For example, in an alternative embodiment, a user provides text strings of identifying information (either in person or online) and, once identified to the service (the exact means for this is not relevant to the invention), provides a data set to the service that can later be used in the manner of this invention. In this case, the system is used to extend the identification provided at registration to all transactions performed by the user, but making it much easier on the user to do so and not requiring that the initial identifying information be presented over and over to multiple authenticators in a readable, unencrypted form (which would cheapen the identifying information).

The data set can contain almost anything—children's names, nonsense words, dates. The data can be provided to the service in clear-text form or, for additional security, provided only in encrypted form. In the latter case, only the user ever knows what the information strings contain.

What particular type of data is supplied in this manner is not critical. Later, when the user seeks to be authenticated by a site using the service, he provides one of the secret strings (in encrypted form) to the site. The site passes the encrypted string on to the service, which authenticates it as having come from the user. Alternatively, the service could provide a list of strings (in encrypted form) and the authenticator could do its own comparison. Because the strings are encrypted, they are not revealed to the authenticator. The encryption method should be sufficiently thorough so as to not be subject to a black box attack.

The attached drawing FIGURE depicts one possible embodiment, in which the numbered steps represent the sequence of events occurring during authentication. With reference to the enclosed drawing, a transactor (user) sends an access request to a target service (step 1). The target service then sends to a verification service a request for authentication of the transactor (step 2). (In this example, the verification service is labeled “RAF Verification Service” after the name of the assignee of this invention, RAF Technology Inc.) The verification service then issues a knowledge-based authentication challenge (“KBA challenge”) to the transactor (step 3), which may include an embedded encryption agent, such as a Java object, Active-X control, etc. The KBA challenge requests that the transactor provide certain specified private data to authenticate the transactor. The transactor's response to the KBA challenge is encrypted at the transactor's computer, by the encryption agent or otherwise, and submitted to the verification service (step 4).

The verification service then retrieves from its database encrypted identification elements stored in its database and corresponding to the purported identity of the transactor (step 5) and compares them against the encrypted challenge response submitted by the transactor (step 6). In the embodiment shown, the identification elements are provided to the authentication service in encrypted form by original data processors (in the drawing there are three, all labeled “data provider”) running a compatible encryption process, and the identification elements are then stored by the authentication service in encrypted form. In another embodiment, the comparison is done against a hash table rather than actual data.

The verification service then returns the results of the comparison to the target vendor, e.g., an indication of the correlation (or lack thereof) between the transactor's response to the KBA challenge and the encrypted personal information accessible to the verification service (step 7). The indication may comprise a correlation score calculated by the verification service. Alternatively, it may comprise a pass/fail indication based on predetermined minimum correlation criteria of the authenticator or minimum correlation criteria that are preselected by the target service either at the time of requesting authentication or beforehand. Upon receiving an indication of a positive verification or authentication from the verification service, the target service provider then grants to the transactor access to the requested service (step 8).

Skilled persons will appreciate that the embodiment depicted in FIG. 1 is only one possible embodiment. Illustrative alternative implementations of the technology include but are not limited to the following. For example, the steps performed by the verification service could easily be implemented at the target service (using, say, encrypted data) without compromising the integrity of the private data held by the transactor and the data providers.

In much of the discussion above, the identifying data has been used to establish who the user is. It is also possible to use the data to establish that the user is capable and/or authorized to perform the requested transaction. For example, the user could supply in encrypted form a request to his bank to certify him for a particular dollar amount. The bank could then release to the authenticator a dollar amount authorized for the transaction. No information beyond that on the user's creditworthiness need be released. This particular example is similar to the existing protocol when a merchant sends in an authorization request to a credit card company—he specifies the amount of the bill and the card company authorizes the transaction (or not) for that amount. Thus, in the prior art, there is no veiling of the token (the merchant has the credit card, with its number, in his hand). In accordance with the present invention, by contrast, the merchant would send an encrypted token whose contents were unknown to him, along with the dollar amount.

Authorization also can be established by the user sending an encrypted message via the authenticator to, say, his employer, and the employer could then send back an authorization for the user to perform the desired transaction.

None of the above need necessarily take place over a computer network. All the authorization methods described above would also work were the user present in person before the authenticator. As a practical matter, however, the data storage and retrieval steps performed by the authenticator are facilitated by the use of digital computers and high-speed data storage and retrieval systems.

COMPARISON TO OTHER SYSTEMS AND METHODS

PKI (because it uses a private key registered to the user) authenticates that a particular message comes from the user. This is useful for people who want to go to the trouble of getting and registering public/private keys, but takes place after the initial authentication of the user. It is not useful for initially establishing user identity, while the proposed system is useful for both—establishing initial identity and establishing that the user is the same person who was previously authorized.

Many current systems encrypt a password supplied by a user and compare that encrypted password with a file of encrypted passwords. This is used to allow a transaction or other access to the system. This use somewhat resembles the invention, but the differences are several: The use of a password (encrypted or otherwise) does not in itself provide any identity information on the user. That must be provided at the time the password is issued—the best the password can do is extend that identifying information to the current transaction. The embodiments described herein, on the other hand, establish that the user holds a particular identity, and they do so without any tokens (like passwords) previously established between the user and the system he wishes to access.

Another advantage of the present invention is to enable extension of knowledge of a previously-established identity to subsequent transactions without decreasing the value of personal information for subsequent authentication. This is true whether or not the previous identity was established using the methods of the present invention.

It will be obvious to those having skill in the art that many changes may be made to the details of the above-described embodiments without departing from the underlying principles of the invention. The scope of the present invention should, therefore, be determined only by the following claims.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US4890323May 20, 1987Dec 26, 1989Racal-Guardata LimitedData communication systems and methods
US5259025Jun 12, 1992Nov 2, 1993Audio Digitalimaging, Inc.Method of verifying fake-proof video identification data
US5265159Jun 23, 1992Nov 23, 1993Hughes Aircraft CompanySecure file erasure
US5375244May 29, 1992Dec 20, 1994At&T Corp.System and method for granting access to a resource
US5436970Oct 26, 1993Jul 25, 1995Eastman Kodak CompanyMethod and apparatus for transaction card verification
US5613004Jun 7, 1995Mar 18, 1997The Dice CompanySteganographic method and device
US5687236Dec 31, 1996Nov 11, 1997The Dice CompanySteganographic method and device
US5742685Oct 11, 1995Apr 21, 1998Pitney Bowes Inc.Method for verifying an identification card and recording verification of same
US5774551Aug 7, 1995Jun 30, 1998Sun Microsystems, Inc.Computer system
US5832497Aug 10, 1995Nov 3, 1998Tmp Worldwide Inc.Computer system
US5838814Jan 2, 1996Nov 17, 1998Moore; Steven JeromeFor authenticating the validity of a draft
US5841886Dec 4, 1996Nov 24, 1998Digimarc CorporationSecurity system for photographic identification
US5841888Jan 23, 1996Nov 24, 1998Harris CorporationMethod for fingerprint indexing and searching
US5844817Sep 8, 1995Dec 1, 1998Arlington Software CorporationDecision support system, method and article of manufacture
US5850442Mar 26, 1996Dec 15, 1998Entegrity Solutions CorporationSecure world wide electronic commerce over an open network
US5870499Nov 17, 1997Feb 9, 1999Massachusetts Institute Of TechnologyMethod and apparatus for data hiding in images
US5870723Aug 29, 1996Feb 9, 1999Pare, Jr.; David FerrinTokenless biometric transaction authorization method and system
US5872848Feb 18, 1997Feb 16, 1999ArcanvsMethod and apparatus for witnessed authentication of electronic documents
US5883810Sep 24, 1997Mar 16, 1999Microsoft CorporationElectronic online commerce card with transactionproxy number for online transactions
US5884270Sep 6, 1996Mar 16, 1999Walker Asset Management Limited PartnershipMethod and system for facilitating an employment search incorporating user-controlled anonymous communications
US5893090Jan 31, 1997Apr 6, 1999Informix Software, Inc.Method and apparatus for performing an aggregate query in a database system
US5910988Aug 27, 1997Jun 8, 1999Csp Holdings, Inc.Remote image capture with centralized processing and storage
US5940507Jan 28, 1998Aug 17, 1999Connected CorporationFor transferring data units among storage elements
US5973731May 30, 1995Oct 26, 1999Schwab; Barry H.Secure identification system
US5987440Jul 22, 1997Nov 16, 1999Cyva Research CorporationPersonal information security and exchange tool
US5991408May 16, 1997Nov 23, 1999Veridicom, Inc.Identification and security using biometric measurements
US6014650Aug 19, 1997Jan 11, 2000Zampese; DavidPurchase management system and method
US6026166Oct 20, 1997Feb 15, 2000Cryptoworx CorporationDigitally certifying a user identity and a computer system in combination
US6026491Sep 30, 1997Feb 15, 2000Compaq Computer CorporationChallenge/response security architecture with fuzzy recognition of long passwords
US6039248Jan 14, 1998Mar 21, 2000Electronics And Telecommunications Research InstituteMethod for preparing safe electronic notarized documents in electronic commerce
US6073242Mar 19, 1998Jun 6, 2000Agorics, Inc.Electronic authority server
US6085322Oct 12, 1998Jul 4, 2000ArcanvsMethod and apparatus for establishing the authenticity of an electronic document
US6111954Oct 8, 1998Aug 29, 2000Digimarc CorporationSteganographic methods and media for photography
US6118872Mar 24, 1998Sep 12, 2000Fujitsu LimitedApparatus and method for controlling secret data by using positions of input image points on an image and a sequence of the positions
US6122403Nov 12, 1996Sep 19, 2000Digimarc CorporationComputer system linked by using information in data objects
US6125349Jun 30, 1998Sep 26, 2000At&T Corp.Method and apparatus using digital credentials and other electronic certificates for electronic transactions
US6175923Dec 8, 1998Jan 16, 2001Senetas Corporation LimitedSecure system using images of only part of a body as the key where the part has continuously-changing features
US6202151Dec 31, 1997Mar 13, 2001Gte Service CorporationSystem and method for authenticating electronic transactions using biometric certificates
US6230148Jan 29, 1999May 8, 2001Veristar CorporationTokenless biometric electric check transaction
US6263447May 20, 1999Jul 17, 2001Equifax Inc.System and method for authentication of network users
US6282658May 20, 1999Aug 28, 2001Equifax, Inc.System and method for authentication of network users with preprocessing
US6363376Jul 27, 2000Mar 26, 2002Individual Software, Inc.Method and system for querying and posting to multiple career websites on the internet from a single interface
US6363485Sep 9, 1998Mar 26, 2002Entrust Technologies LimitedMulti-factor biometric authenticating device and method
US6385620Aug 16, 1999May 7, 2002Psisearch,LlcSystem and method for the management of candidate recruiting information
US6496936Jun 16, 2000Dec 17, 2002Equifax Inc.System and method for authentication of network users
US6532459Dec 13, 1999Mar 11, 2003Berson Research Corp.System for finding, identifying, tracking, and correcting personal information in diverse databases
US6618806Jul 6, 1999Sep 9, 2003Saflink CorporationSystem and method for authenticating users in a computer network
US6643648Jun 30, 2000Nov 4, 2003Raf Technology, Inc.Secure, limited-access database system and method
US6714944Dec 23, 1999Mar 30, 2004Verivita LlcSystem and method for authenticating and registering personal background data
US6836845Jun 30, 2000Dec 28, 2004Palm Source, Inc.Method and apparatus for generating queries for secure authentication and authorization of transactions
US6845453Jan 30, 2002Jan 18, 2005Tecsec, Inc.Multiple factor-based user identification and authentication
US6904407Sep 24, 2001Jun 7, 2005William D. RitzelRepository for jobseekers' references on the internet
US6959394Sep 29, 2000Oct 25, 2005Intel CorporationSplitting knowledge of a password
US7039951Jun 6, 2000May 2, 2006International Business Machines CorporationSystem and method for confidence based incremental access authentication
US7086085Jun 20, 2001Aug 1, 2006Bruce E BrownVariable trust levels for authentication
US7131009Nov 18, 2004Oct 31, 2006Tecsec, Inc.Multiple factor-based user identification and authentication
US7318048 *Sep 7, 2000Jan 8, 2008Rysix Holdings LlcMethod of and system for authorizing purchases made over a computer network
US7343623May 29, 2003Mar 11, 2008Raf Technology, Inc.Authentication query strategizer and results compiler
US20020091945Oct 30, 2001Jul 11, 2002Ross David JustinVerification engine for user authentication
US20030037248Mar 26, 2002Feb 20, 2003John LaunchburyCrypto-pointers for secure data storage
US20030105762Nov 19, 2001Jun 5, 2003Mccaffrey Mary EllenMethod and system for person data authentication and management
US20040039917May 29, 2003Feb 26, 2004Ross David JustinAuthentication query strategizer and results compiler
US20040064454Sep 29, 2003Apr 1, 2004Raf Technology, Inc.Controlled-access database system and method
US20040139098Jan 7, 2004Jul 15, 2004Permabit, Inc., A Delaware CorporationData repository and method for promoting network storage of data
US20050187873 *Jan 31, 2005Aug 25, 2005Fujitsu LimitedWireless wallet
US20050238207Apr 23, 2004Oct 27, 2005Clifford TavaresBiometric verification system and method utilizing a data classifier and fusion model
US20080127305Feb 8, 2008May 29, 2008Raf Technology, Inc.Authentication query strategizer and results compiler
WO1999022330A1Oct 1, 1998May 6, 1999Janice JohnsonMethod and system for consolidating and distributing information
WO2003103215A1May 29, 2003Dec 11, 2003Raf Technology IncAuthentication query strategizer and results compiler
Non-Patent Citations
Reference
1Allison Linn, "Microsoft Unveils.NET Strategy," The Seattle Times, Mar. 19, 2001, published on the internet at .
2Allison Linn, "Microsoft Unveils.NET Strategy," The Seattle Times, Mar. 19, 2001, published on the internet at <http://dailynews.yahoo.com/h/xseap/20010319/microsoft hailstorm 1.html>.
3PCT/US01/46135 International Search Report dated Jul. 9, 2002.
4PCT/US03/17072 International Search Report dated Aug. 20, 2003.
5PressPass, "Microsoft's Bill Gates Previews New 'Hailstorm' Technologies to Usher in New Era of More Consistent Personalized and User-Centric Experiences," Mar. 19, 2001, published on the internet at .
6PressPass, "Microsoft's Bill Gates Previews New 'Hailstorm' Technologies to Usher in New Era of More Consistent Personalized and User-Centric Experiences," Mar. 19, 2001, published on the internet at <http://www.microsoft.com/ PressPass/press/2001/Mar01/0.
7PressPass, "Microsoft's Bill Gates Previews New ‘Hailstorm’ Technologies to Usher in New Era of More Consistent Personalized and User-Centric Experiences," Mar. 19, 2001, published on the internet at <http://www.microsoft.com/ PressPass/press/2001/Mar01/0.
8PressPass, "Microsoft's Bill Gates Previews New ‘Hailstorm’ Technologies to Usher in New Era of More Consistent Personalized and User-Centric Experiences," Mar. 19, 2001, published on the internet at <http://www.microsoft.com/ PressPass/press/2001/Mar01/03-19HailstormPR.asp.>.
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US8032927 *Nov 5, 2009Oct 4, 2011Raf Technology, Inc.Verification engine for user authentication
US8316418 *Sep 12, 2011Nov 20, 2012Raf Technology, Inc.Verification engine for user authentication
US8359278Aug 28, 2007Jan 22, 2013IndentityTruth, Inc.Identity protection
US8447687Mar 30, 2010May 21, 2013Albert OGRODSKIMethod and system for centralized identity and account controls
US8819793Sep 20, 2011Aug 26, 2014Csidentity CorporationSystems and methods for secure and efficient enrollment into a federation which utilizes a biometric repository
US20120005733 *Sep 12, 2011Jan 5, 2012Raf Technology, Inc.Verification engine for user authentication
US20120137340 *Nov 29, 2010May 31, 2012Palo Alto Research Center IncorporatedImplicit authentication
WO2012012749A1 *Jul 22, 2011Jan 26, 2012The Dun And Bradstreet CorporationAutomated business and individual risk management and validation process
Classifications
U.S. Classification705/39, 705/40, 705/37, 705/41, 705/38
International ClassificationG06Q30/00
Cooperative ClassificationG06Q30/06, G06Q20/12, G06Q40/04, G06Q20/102, G06Q40/025, G06Q20/105, G06Q20/40, G06Q20/02, G06Q20/388, G06Q20/10
European ClassificationG06Q20/12, G06Q20/40, G06Q20/02, G06Q30/06, G06Q20/388, G06Q20/105, G06Q40/04, G06Q20/10, G06Q40/025, G06Q20/102
Legal Events
DateCodeEventDescription
Mar 18, 2013FPAYFee payment
Year of fee payment: 4
Jun 13, 2006ASAssignment
Owner name: RAF TECHNOLOGY, INC.,WASHINGTON
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROSS, DAVID JUSTIN;CORNELL, BILL G;US-ASSIGNMENT DATABASE UPDATED:20100309;REEL/FRAME:17770/679
Effective date: 20060607
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROSS, DAVID JUSTIN;CORNELL, BILL G;REEL/FRAME:017770/0679